November 8, 2012

Parts Of Twitter Hacked, Many More Passwords Changed

Many may have found emails from Twitter in their inboxes this morning informing them that their accounts may have been compromised. In these emails, Twitter informs its users that they've already changed the password, but that they should log in and change the password to something they'll be able to remember. As it turns out, this was true, as several users have claimed their accounts were hacked and used to send out the basic spammy Tweets. Mashable and TechCrunch, for instance, have said their accounts and the accounts of their employees had been a part of this compromise with all sorts of spammy links being sent. One such Tweet from TechCrunch offered a link for those interested in making $250 a day from home.

As with anything involving a glitch in Twitter, many news sites began reaching out to the company for comments or responses. Less than 4 hours after these emails began arriving, Twitter was ready with a reply. As it turns out, Twitter did notice a number of hacked accounts on their servers, but accidentally reset more passwords than they needed to.

It all comes down to their policy regarding these kinds of password hacks. Twitter explains the process in a statement on their blog:

“We're committed to keeping Twitter a safe and open community. As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users.”

This is what happened to many users this morning. Twitter had already reset the password and sent users to a special link where they could choose a new (hopefully secure) password.

Twitter goes on in their statement, however.

“In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused.”

Mashable and TechCrunch can attest that there were hacked accounts, but it appears as if not everyone who received an alerting email from Twitter has to worry about their followers clicking on dirty links.

The story is still developing, as Twitter has yet to say how these accounts were hacked or detail in what ways they store their passwords.

This brings up an all-too-familiar conversation, of course. The need for multiple, strong passwords is only becoming more important with each passing day. For instance, if a Twitter user employs one password for multiple accounts, this potential hack (no matter how widespread it really was) could have landed that user in a world of hurt. Not only would a hacker have access to Twitter, but likely Facebook and email as well.

It's probably best for all Twitter users, whether or not they received an email, to go ahead and change their passwords to something strong and secure. After all, it never hurts to be safe, and it especially never hurts to switch up passwords every so often, just to play offense against potential hackers.